Self-Hosting A Free Website – Cloudflare Setup Guide

Embracing the Freedom to Self-Host

Ever thought about running your own website without monthly hosting fees? By setting up a Raspberry Pi with Cloudflare, you can do just that. Whether you're interested in using WordPress, Drupal, or Ghost, self-hosting opens up a world of possibilities without ongoing costs. In this guide, we'll focus specifically on setting up Cloudflare for your self-hosted website, including configuring SSL, optimizing performance, and leveraging its powerful DNS features. For guidance on setting up specific platforms like WordPress, Drupal, or Ghost, be sure to check out my other articles, which build on this foundation without duplicating content.

Disclaimer: Hosting a website from home can expose your network to security risks. Always ensure you have robust security measures in place, and consult with your ISP to confirm that hosting is permitted under your service agreement.

How to Navigate This Series

This comprehensive guide covers multiple platforms and configurations to suit different needs and preferences. This guide is a foundational resource for setting up Cloudflare to secure and optimize your self-hosted website on a Raspberry Pi 5. Before proceeding, you’ll need to choose and install a platform that best fits your needs.

• Choose Your Platform: Begin by selecting one of the following platforms: WordPress, Drupal, or Ghost, and follow the steps in the linked articles to install your chosen platform.
• Return for Cloudflare Setup: After installing your platform, return to this guide to set up Cloudflare and manage your website’s enhanced security and performance.

Related Articles

• Self-Hosting A Free Website with Raspberry Pi 5 – Setting Up WordPress
• Self-Hosting A Free Website with Raspberry Pi 5 – Setting Up Drupal
• Self-Hosting A Free Website with Raspberry Pi 5 – Setting Up Ghost

Setting Up Cloudflare

Cloudflare is more than just an SSL provider—it’s a comprehensive platform that enhances your website’s security, performance, and accessibility. In this guide, we’ll focus on setting up Cloudflare for your self-hosted website, walking you through the steps to create a secure and efficient connection with ease.

The first thing you'll need to do if you don't already have an account is to create one:

• Go to Cloudflare and sign up for a free account.
• Add your website’s domain by following the prompts. Cloudflare will automatically scan your DNS records and prepare them for transfer, simplifying the process.

Update Your Domain’s Nameservers

• Cloudflare will generate nameservers for you to add to your domain registrar’s settings (e.g., GoDaddy, Namecheap). These new nameservers route all traffic through Cloudflare’s network.
• It may take a few hours for this change to propagate. Once your nameservers are active, Cloudflare will show your domain as “Active” in the dashboard.

Configure DNS Records in Cloudflare

After Cloudflare’s nameservers are active, it’s time to ensure your DNS records are correctly set up:

• A Record: Verify that your domain’s A record points to the IP address of your self-hosted server (e.g., a VPS or local server with a static IP). This record routes traffic to your server.
  • In Cloudflare, go to DNS settings, locate your A record, and confirm it has your server’s IP address.

Type: A
Name: @
Content: Your_Public_IP
TTL: Auto
Proxy status: Proxied

• Set the cloud icon (proxy status) to "Proxied.” This routes your traffic through Cloudflare’s network, enabling HTTPS and adding security.
• CNAME Record (Optional): If you use subdomains, such as www.yourdomain.com, ensure a CNAME record points www to your root domain (yourdomain.com). This lets Cloudflare manage all subdomain traffic as well.

Type: CNAME
Name: www
Content: yourdomain.com
TTL: Auto
Proxy status: Proxied

• Additional Records (Optional): Add any other records your website requires, such as MX records for email or TXT records for verification with services like Google Search Console. These settings are available under DNS in your Cloudflare dashboard.

Creating a Tunnel with Cloudflare

Cloudflare Tunnel, formerly known as Argo Tunnel, allows you to securely expose your server to the internet without changing firewall settings or needing a public IP. This is especially useful for self-hosted setups that don’t have a static IP or when you want an extra layer of security.

Prerequisites

Before you begin, if you haven't already done so, make sure you:

• Add your website to Cloudflare.
• Change your domain nameservers to Cloudflare.

Step 1: Install Cloudflare’s cloudflared Tool

To install cloudflared on Linux:

Note: These commands are all completed from the terminal or command line.

1. Add Cloudflare's Package Signing Key (GPG):

• First we will create a directory:

sudo mkdir -p --mode=0755 /usr/share/keyrings

• Now we will add the key

curl -fsSL https://pkg.cloudflare.com/cloudflare-main.gpg | sudo tee /usr/share/keyrings/cloudflare-main.gpg >/dev/null

2. Add the Cloudflare Repository:

echo "deb [signed-by=/usr/share/keyrings/cloudflare-main.gpg] https://pkg.cloudflare.com/cloudflared $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflared.list

Note: You may get an error if the specific OS release codename (e.g., buster, bullseye, etc.) is not supported by Cloudflare.

In this case:

• Verify Compatibility: Check the Cloudflare repository to see if your Raspberry Pi's OS version is listed.
• Try a Compatible OS: If your OS is not supported, consider using a different OS for your Raspberry Pi, such as Raspberry Pi OS Lite (based on Debian bullseye or buster) or Ubuntu Server LTS versions.

3. Update Repositories and Install cloudflared:

sudo apt-get update && sudo apt-get install cloudflared

Step 2: Authenticate cloudflared

1. Log In to Your Cloudflare Account:
   Run the following command:

cloudflared tunnel login

This opens a browser for authentication. After logging in, select your hostname. A cert.pem file will be generated in the default cloudflared directory.

Step 3: Create a Tunnel

1. Create a New Tunnel:
   Replace <NAME> with a descriptive name for your tunnel:

cloudflared tunnel create <NAME>

This command establishes a persistent relationship between the tunnel name and its UUID. A credentials file will also be generated.

2. Verify the Tunnel:
   Confirm your tunnel has been created by running:

cloudflared tunnel list

Step 4: Configure the Tunnel

1. Create a Configuration File:
   Navigate to your .cloudflared directory and create a config.yml file:

sudo nano ~/.cloudflared/config.yml

Add the following fields to the configuration file, replacing <Tunnel-UUID>, <your-hostname>⁣, ⁣<path-to-file> and <your-host-ip> with the appropriate values for your setup:

Note: <your-hostname> must be a valid FQDN, which is the exact domain name users will type in their browser to load your webpage. For example, use ghost.example.com or www.example.com depending on your desired setup.

tunnel: <Tunnel-UUID>
credentials-file: <path-to-file>/.cloudflared/<Tunnel-UUID>.json
protocol: http2
ingress:
  - hostname: <your-hostname>
    service: http://<your-host-ip>:2368
    no-tls-verify: true
  - service: http_status:404

2. Verify the Configuration File:
   Ensure the file is set up correctly:

cat ~/.cloudflared/config.yml

Step 5: Start Routing Traffic

1. Route Traffic to the Tunnel:
   Assign a CNAME record to route traffic through the tunnel:

cloudflared tunnel route dns <UUID or NAME> <your-hostname>

2. Confirm the Route:
   Verify that the route is active:

cloudflared tunnel list

Step 6: Run the Tunnel

To start the tunnel and proxy incoming traffic:

1. Run the Tunnel:

cloudflared tunnel run <UUID or NAME>

2. Run as a Service:
   Install and enable the tunnel as a service:

sudo cloudflared service install
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
sudo systemctl restart cloudflared

You may run into errors here if you do copy your files listed in ~/.cloudflared/ using these commands:

sudo mkdir -p /etc/cloudflared
sudo cp ~/.cloudflared/* /etc/cloudflared/
sudo chmod 600 /etc/cloudflared/*

Now try again:

sudo cloudflared service install
sudo systemctl enable cloudflared
sudo systemctl start cloudflared
sudo systemctl restart cloudflared

Step 7: Verify the Tunnel

You can get detailed information about the tunnel using:

cloudflared tunnel info <UUID or NAME>

With your Cloudflare Tunnel successfully set up, your self-hosted website is now securely accessible online. You can verify this by loading your page using the fully qualified domain name (FQDN) configured earlier. If everything is working as expected, your site should display seamlessly.

For those looking to customize their setup further or explore advanced features, Cloudflare’s official documentation is an excellent resource to guide you through additional configurations and optimizations.

Security Benefits of Cloudflare Tunnel

Cloudflare Tunnel enhances security by eliminating the need to open inbound ports on your firewall, reducing vulnerabilities. It automatically encrypts all traffic with TLS, ensuring data security, and it can seamlessly handle servers with dynamic IP addresses, making it adaptable to various network setups. With Cloudflare Access, you can implement advanced access controls for additional protection, providing a secure, streamlined solution for your network.

Troubleshooting Tips

• Service Issues: Check logs for both cloudflared and your web server using these commands:
• DNS Propagation Delays: Allow time for DNS changee dig or online DNS checkers.
• SSL Certificate Errors: Confirm that your Origin Certificate is properly installed and configured.

sudo journalctl -u cloudflared -f

• Nginx logs: /var/log/nginx/
• Apache logs: /var/log/apache2/
• Firewall Settings: Ensure outbound traffic to Cloudflare is permitted on ports 7844, 443, and 80 to maintain connectivity.

Conclusion

Securing and optimizing your self-hosted website doesn’t have to be complicated. By setting up your Raspberry Pi with Apache as the web server and using Cloudflare for SSL and traffic management, you create a powerful combination that ensures security, reliability, and performance. Whether you’re hosting a blog, running a personal project, or experimenting with web hosting, these steps provide a strong foundation.

With Cloudflare managing your SSL and offering additional protections like DDoS mitigation and a global CDN, you can focus on what matters most—creating content and engaging with your audience.

Now that your website is secure and ready to go, it’s time to take it live and start exploring the endless possibilities of your self-hosted setup. If you found this guide helpful, be sure to share it with others embarking on their self-hosting journey. Happy hosting!

Thanks for Your Support!
I truly appreciate you taking the time to read my article. If you found it helpful, please consider sharing it with your friends or fellow makers. Your support helps me continue creating content like this.

• Leave a Comment: Got questions or project ideas? Drop them below—I'd love to hear from you!
• Subscribe: For more tutorials, guides, and tips, subscribe to my YouTube channel and stay updated on all things tech!
• Shop & Support: If you're ready to get started, check out the recommended products in my articles using my affiliate links. It helps keep the lights on without costing you anything extra!

Thanks again for being part of this community, and happy building!